A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.

Fixes

Solution

The fixes for all listed issues are available in Expedition 1.2.96, and all later Expedition versions. The affected cleartext file will be removed automatically during the upgrade. All Expedition usernames, passwords, and API keys should be rotated after upgrading to the fixed version of Expedition. All firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.


Workaround

Ensure network access to Expedition is restricted to authorized users, hosts, or networks.

History

Thu, 04 Sep 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics
Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics
Removed: epss {'score': 0.08199}
Added: epss {'score': 0.08687}


Fri, 18 Oct 2024 12:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:paloaltonetworks:expedition:1.2.0:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.10:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.11:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.12:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.13:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.14:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.15:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.16:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.17:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.18:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.19:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.20:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.21:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.22:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.23:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.24:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.25:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.26:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.28:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.29:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.2:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.30:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.31:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.32:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.33:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.34:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.35:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.36:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.37:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.38:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.39:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.3:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.40:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.41:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.42:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.43:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.44:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.45:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.46:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.47:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.48:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.49:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.4:2:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.50:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.51:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.52:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.53:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.54:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.55:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.56:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.57:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.58:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.59:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.5:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.60:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.61:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.62:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.63:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.64:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.65:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.66:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.67:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.68:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.69:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.6:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.70:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.71:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.72:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.73:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.74:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.75:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.76:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.77:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.78:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.79:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.7:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.80:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.81:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.82:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.83:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.84:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.85:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.86:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.87:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.88:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.89:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.8:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.90:1:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.91:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.92:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.93:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.94:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.95:-:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:expedition:1.2.9:-:*:*:*:*:*:*

Thu, 17 Oct 2024 05:45:00 +0000


Tue, 15 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-312
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Paloaltonetworks
Paloaltonetworks expedition
CPEs cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:*
Vendors & Products Paloaltonetworks
Paloaltonetworks expedition
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 09 Oct 2024 22:45:00 +0000

Type Values Removed Values Added
Title
Removed: Expedition: Cleartext Storage of Information Leads to Firewall Admin Account Takeover
Added: Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure
Metrics
Removed: cvssV4_0 {'score': 8.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red'}
Added: cvssV4_0 {'score': 8.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber'}


Wed, 09 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
Description A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials.
Title Expedition: Cleartext Storage of Information Leads to Firewall Admin Account Takeover
Weaknesses CWE-532
References
Metrics cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Red'}


MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2025-09-04T15:09:40.127Z

Reserved: 2024-10-03T11:35:13.454Z

Link: CVE-2024-9466

Vulnrichment

Updated: 2024-10-10T17:37:07.059Z

NVD

Status: Modified

Published: 2024-10-09T17:15:20.400

Modified: 2024-10-17T06:15:04.720

Link: CVE-2024-9466
